Google finds Indian hack-for-hire firms exploiting coronavirus fears via spearphishing schemes

Hack-for-hire firms in India have been impersonating the World Health Organization in credential-stealing spearphishing email campaigns, Google’s Threat Analysis Group said Wednesday. The hack-for-hire campaign, which has targeted healthcare companies, consulting firms, and financial services entities primarily in the U.S., Slovenia, Canada, Iran, Bahrain, and Cyprus, uses Gmail accounts imitating the WHO to direct victims to lookalike WHO websites. From there, victims are urged to sign up for healthcare alerts related to the coronavirus pandemic, according to Google. When signing up, however, users are prompted to reveal their Google account credentials or other personal information such as their cell phone numbers. It’s just the latest example of criminals and nation-state actors seizing upon the uncertainty during the COVID-19 pandemic to send spam emails that purport to carry information from health authorities about the coronavirus but actually seek to steal credentials or are laced with malware. Other spearphishing email campaigns have imitated the U.S. Centers […]

The post Google finds Indian hack-for-hire firms exploiting coronavirus fears via spearphishing schemes appeared first on CyberScoop.

Federal officials have arrested another accused FIN7 hacker

A Ukrainian national was arrested last week in Seattle for his alleged involvement in hacking operations run by FIN7, a syndicate known for stealing approximately $1 billion from its victims in the United States. According to court documents obtained by CyberScoop, Denys Iarmak has been charged with conspiracy to commit computer hacking, accessing a protected computer to commit fraud, intentional damage to a protected computer, access device fraud, conspiracy to commit wire and bank fraud, wire fraud, and aggravated identity theft. The arrest is a significant move against financially motivated FIN7, which has targeted the hospitality and gaming industries in the last several years. FIN7 has gone after restaurants including Chipotle, Red Robin, Taco John, as well as a credit union and a casino. According to the court documents, Iarmak was part of a scheme in which operators allegedly ran spearphishing campaigns to gain unauthorized access to victim computers, deploy malware, conduct […]

Tool targeting Android users in Thailand looks to be work of sloppy spyware startup

A software surveillance tool that appears to be linked to a spyware company notorious for shoddy exploits has been spying on WhatsApp and Facebook messages of Android users in Thailand, according to new Cisco Talos research published Tuesday. The malware, which Talos dubs “WolfRAT,” searches for activity on the victims’ chat applications so it can record activity on the screen, according to Talos. The surveillance tool is also capable of intercepting SMS messages, collecting contact information and browser history, taking photos, recording audio, and stealing users’ pictures, Talos researchers told CyberScoop. The tool, which Talos observed being used as recently as April, is believed to be attached to Wolf Research, a now-defunct startup that was shut down once its work was exposed in a talk at the 2018 VirusBulletin Conference. Targets may be downloading WolfRAT after visiting websites with domain names linked to popular Thai cuisine, according to Talos. Victims may also have downloaded […]

Microsoft opens up coronavirus threat data to the public

Microsoft is making the threat intelligence it’s collected on coronavirus-related hacking campaigns public, the company announced Thursday. “As a security intelligence community, we are stronger when we share information that offers a more complete view of attackers’ shifting techniques,” the Microsoft Threat Intelligence team said in a blog post. “This more complete view enables us all to be more proactive in protecting, detecting, and defending against attacks.” Microsoft decided to open up its feed in order to boost awareness about attackers’ changing techniques during the pandemic — especially for those who may not have the expansive visibility the company possesses. “Microsoft processes trillions of signals each day across identities, endpoint, cloud, applications, and email, which provides visibility into a broad range of COVID-19-themed attacks, allowing us to detect, protect, and respond to them across our entire security stack,” the security team wrote. Michael Daniel, president and CEO of the Cyber Threat […]

Former Ghana government officials sentenced to jail for doing business with NSO Group

Three former government officials in Ghana have been sentenced to jail for purchasing spyware products from Israeli software surveillance company NSO Group. The country’s former national security coordinator, Salifu Osman, and director-general of the country’s telecommunications authority, William Tetteh Tevie, were sentenced to five years in prison, according to Ghana Business News and other local news outlets. A former board chairman of the telecommunications authority, Eugene Baffoe-Bonnie, was sentenced to six years because he allegedly made $200,000 from the deal, according to Graphic Online. The case, which has been in the country’s high court since 2017, hinged on the argument that officials had caused significant financial loss in the country due to their $4 million purchase of NSO Group’s signature Pegasus spyware. The National Communications Authority (NCA) allegedly bought the surveillance product through a reseller in order to track suspected terrorism, according to Graphic Online, which attended the court session Tuesday. It […]

FBI, DHS to go public with suspected North Korean hacking tools

The FBI and the Department of Homeland Security are preparing to jointly expose North Korean government-backed hacking this week, CyberScoop has learned. Threat data meant to help companies fend off hackers has already been shared with the private sector in an effort to boost cyber-defenses in critical infrastructure sectors. The circulating information, contained in several documents known as malware analysis reports (MARs), details activity from Hidden Cobra hackers, an advanced persistent threat group that the U.S. government has previously linked with the North Korean government. The Hidden Cobra group frequently targets financial institutions such as banks, cryptocurrency exchanges, and ATMs for financial gain, the government says. However, it was not immediately clear which specific security incidents, if any, the U.S. government sought to expose in the information sharing effort. The documents, which sources say contain 26 malware samples, appear to be the latest piece of a broader U.S. government effort […]

A discovered malware sample uses code from the NSA and a Chinese hacking group

Good hackers steal, great hackers borrow. According to new research from ESET, a code obfuscation tool that’s been linked to Chinese-based hackers has been used in tandem with an implant that has been attributed to Equation Group, a hacking faction that is broadly believed to have ties to the National Security Agency. ESET says the obfuscation tool is linked with Winnti Group, while the implant, known as PeddleCheap, appeared in an April 2017 leak from the mysterious group known as the Shadow Brokers. It’s unclear if the sample was used in a malicious campaign or if it’s the product of a security researcher experimenting with different tools, according to Marc-Étienne Léveillé, a malware researcher at ESET. It was uploaded to malware-sharing repository VirusTotal in 2017, according to Léveillé. The Winnti-linked packer was used in a series of intrusions at gaming organizations in 2018, which ESET has previously documented. ESET published its findings […]

A Department of Defense bulletin on a ‘leaking’ sinkhole has baffled cybersecurity experts

In mid-April, an obscure agency housed under the Department of Defense issued a bulletin that a little-known, Chinese-linked hacking group is likely responsible for some suspicious activity aimed at defense contractors in the U.S. But how the Defense Counterintelligence and Security Agency (DCSA) came to that conclusion is complicated. The alert, sent to 38 contractors, says DCSA detected the group was making “inbound and outbound connections” with contractors’ facilities as of Feb. 1. The targeting, which appeared to have stopped by March 25, was directed at several critical infrastructure sectors, including aerospace, health care and maritime, according to a copy of the bulletin obtained by CyberScoop. A DCSA official tells CyberScoop the document was meant to raise awareness among the contractors, but numerous sources tell CyberScoop that it is more confusing than clarifying. The bulletin, which was first reported by Politico, has raised questions about the attributed hacking group and if the actions described […]

How hackers are updating the EVILNUM malware to target the global financial sector

Hackers behind a series of targeted financial attacks have been updating their malware to better evade detection over the last year, according to new Prevailion research slated to be published Wednesday. Since at least February 2019, the hackers, who have begun impersonating CEOs and banks in their lure documents, have introduced at least seven updates to the malicious software known as EVILNUM, which enables attackers to upload and download files, harvest tracking cookies, and run arbitrary commands. While internet scammers frequently masquerade as corporate executives to tempt victims into clicking on malware, attackers behind EVILNUM are rapidly working to make their tools more obscure. The unknown attackers began rolling out the newest version of the EVILNUM malware three days ago. By press time, the hacking tool was detected by only eight of the 59 vendors on VirusTotal, a malware-sharing repository, indicating that many common software security vendors are not capable of […]

NSO Group partly disputes claim about use of U.S.-based servers in WhatsApp spy campaign

Israeli surveillance software company NSO Group is back in court disputing WhatsApp’s claims that it used U.S.-based infrastructure to launch spyware against thousands of WhatsApp users last year. In court documents filed Thursday, NSO Group rejected Facebook-owned WhatsApp’s allegations that NSO Group used servers from a Los Angeles-based hosting provider, QuadraNet, over 700 times to target WhatsApp users. “Plaintiffs’ new claims about QuadraNet are false: NSO did not contract with QuadraNet to use its California servers,” the filing reads. NSO Group claimed in the filings that even if its spyware, Pegasus, did use QuadraNet servers, it was third-party activity. The company sells its software around the globe to intelligence and law enforcement agencies. “If Pegasus messages did pass through QuadraNet servers, they would have been sent by NSO’s customers, not NSO,” the filing states. “We repeat: NSO Group does not operate the Pegasus technology for its clients,” the spokesperson added. NSO Group CEO Shalev Hulio said […]